Security Incidents mailing list archives
DDOS ?
From: "[ K o S a K ]" <kosak () EPSYLON ORG>
Date: Fri, 10 Nov 2000 21:06:09 +0100
Hi, Last night, i have been under a UDP Flood attack during 1 hour. I couldn't access the internet when i was under attack. My little firewall ( conseal on win98 ) has generate 6Mo of log file. There where at least 30 different IP source. ( perhaps spoofed packet ) First i thought about a broadcast attack, but the attack is with UDP proto, so perhaps a DDOS... Can someone tell me more about DDOS or tools that can make such an UDP flood? Here is a sample of the attack : 2000/11/10 00:42:28 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=208.220.149.154, dst=213.245.XXX.XXX, sport=7, dport=30270. 2000/11/10 00:42:28 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=208.220.149.154, dst=213.245.XXX.XXX, sport=7, dport=57494. 2000/11/10 00:42:28 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=216.166.17.71, dst=213.245.XXX.XXX, sport=7, dport=793. 2000/11/10 00:42:28 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=168.223.90.6, dst=213.245.XXX.XXX, sport=7, dport=7050. 2000/11/10 00:42:28 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=168.223.26.180, dst=213.245.XXX.XXX, sport=7, dport=7050. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=208.220.149.154, dst=213.245.XXX.XXX, sport=7, dport=58512. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=202.103.11.44, dst=213.245.XXX.XXX, sport=7, dport=19090. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=206.171.190.83, dst=213.245.XXX.XXX, sport=7, dport=7244. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=208.220.149.154, dst=213.245.XXX.XXX, sport=7, dport=58512. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=207.89.154.209, dst=213.245.XXX.XXX, sport=7, dport=53695. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=207.89.154.209, dst=213.245.XXX.XXX, sport=7, dport=53695. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=216.166.17.71, dst=213.245.XXX.XXX, sport=7, dport=60931. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=207.254.39.132, dst=213.245.XXX.XXX, sport=7, dport=14876. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=208.220.149.154, dst=213.245.XXX.XXX, sport=7, dport=58512. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=210.228.2.6, dst=213.245.XXX.XXX, sport=7, dport=9150. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=206.171.190.83, dst=213.245.XXX.XXX, sport=7, dport=17074. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=210.228.2.6, dst=213.245.XXX.XXX, sport=7, dport=9150. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=210.251.128.126, dst=213.245.XXX.XXX, sport=7, dport=6547. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=207.89.154.209, dst=213.245.XXX.XXX sport=7, dport=53695. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=206.171.190.83, dst=213.245.XXX.XXX, sport=7, dport=17074. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=207.71.3.97, dst=213.245.XXX.XXX, sport=7, dport=46310. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=0.0.0.0, dst=213.245.XXX.XXX, sport=7, dport=5275. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=207.98.146.178, dst=213.245.XXX.XXX, sport=7, dport=14876. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=205.210.84.1, dst=213.245.XXX.XXX, sport=7, dport=40935. 2000/11/10 00:42:29 GMT +0100: Carte D-Link DE22..[0001][No matching rule] Blocking incoming UDP: src=206.171.190.83, dst=213.245.XXX.XXX, sport=7, dport=7244. ..... ..... Thanks for you help. KoSaK
Current thread:
- pao-s01.gw.epoch.net Sean Michael Whipkey (Nov 09)
- Re: pao-s01.gw.epoch.net Jay D. Dyson (Nov 09)
- Re: pao-s01.gw.epoch.net A. T. Guarnieri (Nov 11)
- DDOS ? [ K o S a K ] (Nov 13)
- Re: pao-s01.gw.epoch.net A. T. Guarnieri (Nov 11)
- Re: pao-s01.gw.epoch.net Jay D. Dyson (Nov 09)